[Bro] [bro] misp2bro

Tim Desrochers tgdesrochers at gmail.com
Sun Apr 17 08:15:51 PDT 2016


Thanks, I'll try to hit up the creator again and see if it can be fixed

On Sun, Apr 17, 2016 at 10:50 AM, David André <elhoim at gmail.com> wrote:

> Then it is probably the fact that the misp2bro script is expecting an
> old format of XML from MISP.
> Given the date of creation of the script, I would say it expects v2.3
> file format, while you are probably using a v2.4 MISP.
>
> On Sun, Apr 17, 2016 at 9:35 AM, Tim Desrochers <tgdesrochers at gmail.com>
> wrote:
> > I've attached the error log and the xml.  I don't see any issues with the
> > XML and the error log just shows that it started processing the XML.  The
> > script errors out after beginning to process the XML so that's why I assume
> > there are no more entries in the log.
> >
> > Thanks for the pointer to the PyMISP.  I will look into it
> >
> >
> >
> > On Sun, Apr 17, 2016 at 10:28 AM, David André <elhoim at gmail.com> wrote:
> >>
> >> Is there an error message in the xml file?
> >> If yes, could you post it?
> >>
> >> If you want to write your own script to download IOCs, there is the
> >> PyMISP library  @ https://github.com/MISP/PyMISP/
> >> This library is really great because it abstracts most of the details
> >> needed to create a script for interacting with a MISP instance.
> >>
> >> Then you can just grep your bro logs, or generate bro IOCs lists that
> >> can be used to match.
> >>
> >> On Sun, Apr 17, 2016 at 6:19 AM, Tim Desrochers <tgdesrochers at gmail.com>
> >> wrote:
> >> > Anyone using MISP?  I installed MISP as a test and it seems pretty useful.
> >> > What I can't seem to get working is the misp2bro script written to export
> >> > indicators in MISP to bro format.
> >> >
> >> > https://github.com/unusedPhD/misp2bro
> >> >
> >> > When I run the script it appears to crash and give the error:
> >> > Traceback (most recent call last):
> >> >   File "misp2bro.py", line 288, in <module>
> >> >     if makeBroFiles(parseXML(EXPORT_FILE)):
> >> >   File "misp2bro.py", line 168, in makeBroFiles
> >> >     if int(event.find('attribute_count').text):
> >> > AttributeError: 'NoneType' object has no attribute 'text'
> >> >
> >> > If I run it again there is no crash but that is because the md5 it generates
> >> > matches the previous hash so no action is taken on the downloaded xml.
> >> >
> >> > Has anyone used this? I could use a hand getting it working.
> >> >
> >> > Thanks
> >> > Tim
> >> >
> >
> >
>
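
An added example, not part of the thread and not misp2bro's code: the traceback quoted above is what `.text` raises when `find('attribute_count')` returns `None`. The sketch below tolerates the missing element and writes Bro Intel-framework rows; the sample XML is constructed, and every element name except `attribute_count` is an assumption rather than the MISP schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample. Event 2 has no <attribute_count>, the condition that
# makes event.find('attribute_count').text raise AttributeError.
# Element names other than attribute_count are assumed for illustration.
SAMPLE_XML = """<response>
  <Event><id>1</id><attribute_count>2</attribute_count>
    <Attribute><type>ip-dst</type><value>192.0.2.10</value></Attribute>
    <Attribute><type>domain</type><value>bad.example</value></Attribute>
  </Event>
  <Event><id>2</id>
    <Attribute><type>md5</type><value>d41d8cd98f00b204e9800998ecf8427e</value></Attribute>
    <Attribute><type>comment</type><value>not an indicator</value></Attribute>
  </Event>
</response>"""

# MISP attribute type -> Bro Intel framework indicator type (subset).
TYPE_MAP = {"ip-src": "Intel::ADDR", "ip-dst": "Intel::ADDR",
            "domain": "Intel::DOMAIN", "md5": "Intel::FILE_HASH",
            "url": "Intel::URL"}

def attribute_count(event):
    """Declared count if present and numeric, else count the child elements."""
    node = event.find("attribute_count")
    if node is not None and node.text and node.text.strip().isdigit():
        return int(node.text)
    return len(event.findall("Attribute"))

def events_to_intel(xml_text):
    """Return (indicator, indicator_type, source) rows for mappable attributes."""
    rows = []
    for event in ET.fromstring(xml_text).iter("Event"):
        if not attribute_count(event):
            continue  # nothing to export for this event
        source = "MISP event " + (event.findtext("id") or "unknown")
        for attr in event.findall("Attribute"):
            bro_type = TYPE_MAP.get(attr.findtext("type", ""))
            value = (attr.findtext("value") or "").strip()
            if bro_type and value:  # skip unmapped types and empty values
                rows.append((value, bro_type, source))
    return rows

def render_intel(rows):
    """Render rows as a tab-separated Bro Intel file with its #fields header."""
    header = "#fields\tindicator\tindicator_type\tmeta.source"
    return "\n".join([header] + ["\t".join(r) for r in rows]) + "\n"

if __name__ == "__main__":
    print(render_intel(events_to_intel(SAMPLE_XML)), end="")
```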